Netgate Discussion Forum

    Does Captive Portal block only HTTP packets from LAN to WAN?

    • abdurrahman

      Hi everybody
      Does Captive Portal block only packets going from LAN to WAN on port 80, or
      block any packets going from LAN to WAN on any ports?

      Captive Portal will be enabled on the LAN interface of pfSense, and VOIP packets exist behind the LAN interface of pfSense.
      Does Captive Portal block VOIP packets from LAN to WAN?

      • Nachtfalke

        It blocks everything for an IP/MAC combination which is not authenticated.
        If it is authenticated then it depends on your firewall rules.

        • abdurrahman

          As far as I know, Captive Portal works based on ipfw rdr rules.
          If the IP/MAC combination of the client doesn't exist in table 1, it redirects the client packet to port 8000.
          If the client authenticates, then Floating Rules will begin to work for that client's traffic.

          Should I define all VOIP IP addresses in the Captive Portal's Allowed IP Addresses? If I do this, does Captive Portal allow packets
          coming from the clients (defined in Allowed IP Addresses) to everywhere?

          NOTE: In my Floating Rules, VOIP IP addresses are allowed to any on any ports.

          @Nachtfalke:

          It blocks everything for an IP/MAC combination which is not authenticated.
          If it is authenticated then it depends on your firewall rules.

          • Nachtfalke

            If you add the hosts to "Allowed IP addresses" or "MAC bypass" then these hosts will bypass CP and do not need to authenticate. The rest depends again on your firewall rules.

            "Allowed IP addresses" can be defined in source or destination.

            • abdurrahman

              Thanks a lot. It will force me to define 60-70 IP addresses (VOIP, card reading terminals, IP telephones, IP fax devices) in Allowed IP addresses…

              Thank you again for your help.
              @Nachtfalke:

              If you add the hosts to "Allowed IP addresses" or "MAC bypass" then these hosts will bypass CP and do not need to authenticate. The rest depends again on your firewall rules.

              "Allowed IP addresses" can be defined in source or destination.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.